SOP (Same Origin Policy) and CDN SVG XSS
If an SVG file with an XSS payload is hosted on, say, cdn.example.com and is loaded as a display picture on, say, mainprod.com, can the XSS payload within the SVG file access and steal cookies from mainprod.com despite the Same-Origin Policy (…